Linux Today: Linux News On Internet Time.

SysAdmin: File Integrity Assessment via SSH

Jan 30, 2006, 13:00

[ Thanks to A. Seda for this link. ]

"File integrity assessment (FIA) tools like Tripwire, Samhain, AIDE, et al. are commonly deployed in organizations to help assist forensic investigation after a security incident and as a host-based intrusion detection tool to help detect unauthorized file system changes (this also makes them useful monitoring tools for existing change control procedures, though that is not the focus of this article). The concept is simple: the administrator creates a configuration file that lists the critical system files and directories that the FIA tool should monitor, then uses the FIA tool to create a database that tracks common parameters about those files, such as permissions and ownerships, file size, and MAC times, along with one or more cryptographic checksums over the file contents (typically via common hashing algorithms like MD5, SHA-1, etc.)..."


Related Story:
LinuxGazette.net: Intrusion Detection with Tripwire (Sep 16, 2004)